What is IBM QRadar User Behavior Analytics?
IBM® QRadar User Behavior Analytics (UBA) is an app that provides early visibility into insider threats. It is an extension of the IBM QRadar Security Intelligence Platform that analyzes the usage patterns of insiders to determine if their credentials or systems have been compromised by cybercriminals.
The app features a user-centric dashboard showing risky users by name and their anomalous activities, along with associated QRadar incidents. With a single mouse click, an analyst can add suspects to a watch list, attach a text-based annotation to explain the observations, or drill down into the underlying log and flow data.
Fine-grained machine learning algorithms can detect when users alter their normal application practices, behave differently from peers, or perform invalid sequences of operations.
Why use IBM QRadar User Behavior Analytics?
Insider threats are responsible for about 60 percent of the security attacks facing organizations, many of which are the result of users’ credentials falling into the hands of hackers via internal employees, contractors or partners who are victims of malware-laden phishing attacks or other techniques.
For example, the new user behavior analytics app would alert analysts to a user logging into a high-value server for the first time, from a new location, while using a privileged account. This abnormal pattern would be identified because the UBA app created a baseline of normal user behavior and detected a significant deviation from it.
What are the benefits of IBM QRadar User Behavior Analytics?
Extends the capabilities of IBM QRadar Security Intelligence Platform
- Includes a new, integrated dashboard
- Incorporates user behavior analytics
- Provides security analysts visibility into individual users and behavioral anomalies
Addresses insider threats
- Guards against rogue insiders and cybercriminals using compromised credentials
- Checks anomalous behaviors, lateral movement, threats and data exfiltration – with a user focus
- Provides visibility into high-risk users and their actions
Makes security analysts more productive
- Calculates risk scores and rank-orders high-risk users
- Uses data collected by QRadar and applies new, out-of-the-box behavioral rules and analytics
- Shows the log and flow data involved in a security offense
- Detects anomalies and builds user watch lists
- Displays results by user in a new QRadar tab and dashboard
- Integrates with Incident Response solutions for faster time to closure
Produces results almost immediately after deployment
- Downloads quickly and easily as a free application from the IBM Security App Exchange
- Installs quickly and provides rapid time to value
- Requires no additional investment for QRadar clients